Ajenti Authorization Bypass Vulnerability Allowing Unauthorized Package Installation

Vulnerability

A vulnerability exists in Ajenti versions prior to 2.2.15, allowing an authenticated user to install custom packages without superuser privileges. This issue arises in the ajenti-panel component when the auth_users plugin authentication method is used.

Impact

Exploitation of this vulnerability could lead to unauthorized package installations, potentially allowing for the introduction of malicious software or modifications to the server environment.

Remediation

Users are advised to upgrade to Ajenti version 2.2.15 or later.

Added: Apr 6, 2026, 6:23 PM
Updated: Apr 6, 2026, 6:23 PM

Vulnerability Rating

Custom Algorithm

spread: 4.5
impact: 2.5
exploitability: 6.3
remediation: 7.7
relevance: 5.4
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.